Friday, August 9, 2013

#00: the beginning

**My opinions are my own, and not of my employer**

I started this blog to help me to put down somewhere things that I am learning about with regard to security and things that interest me in the field of Security.  I don't want to say I'm an "Information Security Professional"... it's too constricting.  I mean, if you look out there, there is a whole world of security concepts and tasks, and you'd be hard pressed not to find something in there that doesn't tickle your fancy.

Security researchers these days are getting into all kinds things.  It used to be that networks (wireless or wired), servers and workstations, or databases were the only gems to exploit.  But in recent years, researchers like the late, great Barnaby Jack and others have been looking at SCADA systems, vehicles, medical devices, etc for security vulnerabilities. And let's not forget the whole mobile platform.  Tablets, phones, mini-PCs, all run a varied operating system with a user base that suffers from either lack of knowledge, or they don't want to know.

I got into security late into the game.  Sure, I've been doing it my entire career, whether that be Physical Security (access controls to COMSEC), or Network Security (typical IT admin stuff).  All the way up to what I'm doing with my current job, which is compliance, governance, and attempting to wrest control of the network out of the hands of users who just want to do what they feel is necessary to get the job done.

I want to start this blog to highlight my continuing journey across the Security "Sea".  It's vast, it's fraught with difficulties, and the metaphorical boat I'm riding on has holes in it, or tigers even (nod to "Life of Pi").  I want to talk about security in the news that matters to myself and others, but also to talk about things that I'm learning.  I'm reading the C|EHv8 All-in-One right now, and I am skimming through the fantastic "Metasploit: The Penetration Tester's Guide", and once I finish with the C|EH, I'll begin working on learning more on Ruby and Python, which run Metasploit.

There's just so much I want to learn, and I often feel like there's too much, and that I'll never learn it all, as though I'm just trying to keep my head above water.  So, making this will help me chart my progress, and who knows, it may even be fun.

Take care, and if you want to talk, I'm on Twitter  @bryanbrake

No comments: